Using cookies on web pages has become a part of the internet world’s everyday life. At the same time, using cookies has created an opportunity to seriously intervene in users’ private lives without them knowing.
In the European Justice Area, the use of cookies is regulated by Data Protection Directive 95/46/EC, E-Privacy Directive 2002/58/EC. A Working Party of the European Data Protection Authorities has also issued an opinion on the use of cookies.
The Data Protection Inspectorate has drafted explanatory material, the purpose of which is to give an overview of cookies – what they are, what they are used for and what a user can do to restrict the use of cookies or to refuse the use of them altogether.
COOKIES
A cookie is a small-scale text file, which is sent to the user’s web browser by a web server, and which is saved on the hard drive of the user’s computer.
Cookies are qualified as grayware, which is not dangerous, but can still cause inconvenience to the user. This is why cookies are also scanned by virus protection programs in addition to viruses, and offer a chance to decide which cookies to keep and which ones to delete.
Cookies by themselves do not read data from the user’s computer, or send it to the vastness of the internet. Still, the data collected by the cookies may be sold to third parties. Later, the user will receive marketing commercial communications.
PURPOSE OF COOKIES
Web pages use cookies to offer users a more personal service experience and to make it easier to navigate on the web page. For example, cookies enable one to remember the user’s preferences on the web page (language choice) or to skip signing in to the web page each time. Cookies are mostly used to collect statistical data, monitoring users’ preferences when visiting web pages. This does not pose a direct threat to the user, but from the viewpoint of data protection, this kind of action can be considered a violation of personal privacy. This is the case when a web page does not have a notification about using the cookies. The administrators of the web pages are obliged to present clear and understandable information on their web page about which kind of cookies their web page uses and for what purpose. In this way, the user can decide if, and which cookies to allow or forbid.
TYPES OF COOKIES
Essentially, there are two types of cookies:
Temporary cookies, also known as session cookies are deleted by the computer after the web browser is closed. Temporary cookies are used e.g. to remember the language choice on the web page.
Persistent cookies are saved on the user’s computer after the web browser is closed. These are used by web pages e.g. to save the user name and password, so that the user doesn’t have to enter them each time they use the certain web page. Persistent cookies can stay on the user’s computer for days, months or even years.
In the view of ownership, cookies are shared:
The author’s or first-party cookies, which originate from the web page being viewed, and can be both persistent or temporary. Using these cookies, web pages can save the data that will be used the next time you visit the page. From the viewpoint of the processing of personal data, the one who installs the first-party cookies is the Data Controller (or any other assigned employee), who administers the visited web page.
Third party cookies, which originate e.g. from advertisements of other web pages, that are located on the web page visited by the user. From the viewpoint of the processing of personal data, the one who installs the third-party cookies is the Data Controller, who is not the administrator of the visited web page.
Specifically cookies are also divided into:
Technical cookies, that are necessary for the user to be able to navigate and use the functions of the web page altogether.
Analytical cookies, that collect data about how the web page is used. For example, which web pages are visited most often and whether the users get error messages from the web pages. These cookies do not collect data which would able to directly identify the user of the web page. However, analytical tracking of computer usage can lead to indirectly identifying the user.
Authentication cookies, which allow the web page to remember the choices that the user has made (e.g. name, language, area). These cookies are mostly used by web pages e.g. to identify the signed in user (Internet banking web pages), users can access content such as account balance, transfers etc., authenticating themselves through visiting various webpages. Authentication cookies are mostly temporary cookies.
Advertising cookies, which web pages use to offer advertising that is targeted by the user’s interests. Cookies regulate how many times the user sees any certain advertisement and also help to measure the effectiveness of the advertisement campaign.
Cookies used for multimedia presentation, that save the necessary technical information for a saved video or audio material presentation, such as image performance, network connection speed and buffering parameters. These kinds of multimedia cookies are mostly known as flash cookies, since the internet video technology used most often is Adobe Flash. Since presenting multimedia is generally of a temporary nature, these cookies should also expire when the session ends.
Communication plugin cookies for sharing information
Many social networks offer social plug-in modules, which can be applied to the web page service logic by the administrator. These modules let social network users share their favoured content with their friends. These plugins save cookies on the user’s terminal equipment and gain access to them, so that the social network can identify its members who use these plugins to communicate.
RESTRICTING OR REFUSING THE USE OF COOKIES ALTOGETHER
The computer user can take preventative measures by themselves, to avoid saving cookies on their computer. To do this, the user has to change the browser privacy settings. Blocking all the cookies may help protect the user’s privacy, but at the same time restrict access to some web pages.
The user can start with blocking all the cookies used in the browser and based on further experience, only allow cookies on trusted web pages.
The following links guide the way that the user can set up the most common browsers concerning cookies and security settings: